Master thesis projects: Threat modelling and attack simulation

Mathias Ekstedt

Modern digital systems are becoming increasingly complex, interconnected, and dependent on software components whose vulnerabilities can have far-reaching consequences. Traditional security assessments often fail to capture this complexity, leaving organizations uncertain about which threats truly matter and how attacks could propagate through their systems.
 
Threat modelling and attack simulation address this challenge by providing systematic, model-based methods to understand and quantify cyber risks. They allow analysts to represent system architectures, attacker capabilities, and defensive mechanisms in a formal structure that can be explored and tested through simulation. By visualizing and evaluating potential attack paths, these methods make it possible to prioritize security investments and design systems that are resilient by construction. The master’s thesis projects in this area invite students to apply and advance these techniques, contributing to more effective and data-driven cybersecurity for modern digital infrastructures.

1. A Formalism for Assessing Defensibility in Meta Attack Language (MAL) Threat Models
2. A Formalism for Automatic Generation of Representative Threat Models in the Meta Attack Language (MAL)
3. A Threat Modeling Language for LLM Prompt Injection and Model Context Protocol Attacks

Contact Mathias Ekstedt, mekstedt@kth.se , for information and application.